Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by defau
From: |
Anthony Liguori |
Subject: |
Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by default |
Date: |
Tue, 22 Oct 2013 14:00:16 +0100 |
On Tue, Oct 22, 2013 at 12:21 PM, Eduardo Otubo
<address@hidden> wrote:
> Inverting the way sandbox handles arguments, making it possible to have no
> argument and still have '-sandbox on' enabled.
>
> Signed-off-by: Eduardo Otubo <address@hidden>
> ---
>
> The option '-sandbox on' is now used by default by virt-test[0] -- it has been
> merged into the 'next' branch and will be available in the next release,
> meaning we have a back support for regression tests if anything breaks because
> of some missing system call not listed in the whitelist.
>
> This being said, I think it makes sense to have this option set to 'on' by
> default in the next Qemu version. It has been a while since any missing
> syscall was reported, and at this point the whitelist seems to be pretty
> mature.
>
> [0] -
> https://github.com/autotest/virt-test/commit/50e1f7d47a94f4c770880cd8ec0f18365dcba714
This breaks hot_add of a network device that uses a script= argument, correct?
If so, this cannot be made default.
Regards,
Anthony Liguori
>
> qemu-options.hx | 4 ++--
> vl.c | 47 ++++++++++++++++++++++++++++-------------------
> 2 files changed, 30 insertions(+), 21 deletions(-)
>
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 5dc8b75..315a86d 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -2982,13 +2982,13 @@ Old param mode (ARM only).
> ETEXI
>
> DEF("sandbox", HAS_ARG, QEMU_OPTION_sandbox, \
> - "-sandbox <arg> Enable seccomp mode 2 system call filter (default
> 'off').\n",
> + "-sandbox <arg> Enable seccomp mode 2 system call filter (default
> 'on').\n",
> QEMU_ARCH_ALL)
> STEXI
> @item -sandbox @var{arg}
> @findex -sandbox
> Enable Seccomp mode 2 system call filter. 'on' will enable syscall filtering
> and 'off' will
> -disable it. The default is 'off'.
> +disable it. The default is 'on'.
> ETEXI
>
> DEF("readconfig", HAS_ARG, QEMU_OPTION_readconfig,
> diff --git a/vl.c b/vl.c
> index b42ac67..ae3bdc9 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -529,6 +529,20 @@ static QemuOptsList qemu_msg_opts = {
> },
> };
>
> +static QemuOpts *qemu_get_sandbox_opts(void)
> +{
> + QemuOptsList *list;
> + QemuOpts *opts;
> +
> + list = qemu_find_opts("sandbox");
> + assert(list);
> + opts = qemu_opts_find(list, NULL);
> + if (!opts) {
> + opts = qemu_opts_create_nofail(list);
> + }
> + return opts;
> +}
> +
> /**
> * Get machine options
> *
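Review bot: The new helper qemu_get_sandbox_opts() has no header comment, while the neighbouring "Get machine options" helper that follows it in this hunk carries a `/** ... */` block. It is worth stating that the function is not a pure lookup: when no -sandbox group exists it creates one with qemu_opts_create_nofail(), so the first caller mutates the option list. Suggested comment above the definition: `/** Return the -sandbox option group, creating an empty one if the command line did not supply any. */`.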
> @@ -960,24 +974,9 @@ static int bt_parse(const char *opt)
> return 1;
> }
>
> -static int parse_sandbox(QemuOpts *opts, void *opaque)
> +static bool sandbox_enabled(bool default_usb)
> {
> - /* FIXME: change this to true for 1.3 */
> - if (qemu_opt_get_bool(opts, "enable", false)) {
> -#ifdef CONFIG_SECCOMP
> - if (seccomp_start() < 0) {
> - qerror_report(ERROR_CLASS_GENERIC_ERROR,
> - "failed to install seccomp syscall filter in the
> kernel");
> - return -1;
> - }
> -#else
> - qerror_report(ERROR_CLASS_GENERIC_ERROR,
> - "sandboxing request but seccomp is not compiled into
> this build");
> - return -1;
> -#endif
> - }
> -
> - return 0;
> + return qemu_opt_get_bool(qemu_get_sandbox_opts(), "sandbox",
> default_usb);
> }
>
> bool usb_enabled(bool default_usb)
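Review bot: sandbox_enabled() reads the key `"sandbox"`, whereas the removed parse_sandbox() read `"enable"`; unless the QemuOptsList for "sandbox" (defined outside this hunk) was changed in the same series, `-sandbox on` / `-sandbox off` would still populate the old key and this lookup would always fall back to the default, so an explicit `-sandbox off` could not switch the filter off. Please confirm the list's implied option name and desc entry match the key queried here. The parameter is also named `default_usb`, apparently copied from usb_enabled() just below; `static bool sandbox_enabled(bool default_sandbox)` would read correctly and keep the two helpers from being confused.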
> @@ -3806,8 +3805,18 @@ int main(int argc, char **argv, char **envp)
> exit(1);
> }
>
> - if (qemu_opts_foreach(qemu_find_opts("sandbox"), parse_sandbox, NULL,
> 0)) {
> - exit(1);
> + if (sandbox_enabled(true)) {
> +#ifdef CONFIG_SECCOMP
> + if (seccomp_start() < 0) {
> + qerror_report(ERROR_CLASS_GENERIC_ERROR,
> + "failed to install seccomp syscall filter in the
> kernel");
> + return -1;
> + }
> +#else
> + qerror_report(ERROR_CLASS_GENERIC_ERROR,
> + "sandboxing request but seccomp is not compiled into
> this build");
> + return -1;
> +#endif
> }
>
> #ifndef _WIN32
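Review bot: With the default now `sandbox_enabled(true)`, a build without CONFIG_SECCOMP enters the `#else` branch on every start and reports "sandboxing request but seccomp is not compiled into this build" even though nothing was requested, so such builds cannot start without an explicit -sandbox off. The default should only be "on" when the build can install the filter, while an explicit `-sandbox on` on a non-seccomp build keeps failing loudly. The new branches also `return -1` from main, while the `exit(1)` on the preceding context line and the removed code use exit(1); returning -1 yields exit status 255, so the error paths should stay consistent. main() begins and ends outside this hunk.
```c
    /* Default the filter to "on" only when this build can install it; an
     * explicit -sandbox on still errors out on a build without seccomp. */
#ifdef CONFIG_SECCOMP
    bool sandbox_default = true;
#else
    bool sandbox_default = false;
#endif
    if (sandbox_enabled(sandbox_default)) {
#ifdef CONFIG_SECCOMP
        if (seccomp_start() < 0) {
            /* … unchanged: qerror_report(...) "failed to install ..." … */
            exit(1);
        }
#else
        /* … unchanged: qerror_report(...) "sandboxing request but ..." … */
        exit(1);
#endif
    }
```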
> --
> 1.8.3.1
>